Alpaquita Linux
Security Advisory

CVE-2022-4172

Published: November 29, 2022Last modified: November 8, 2023

Description

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Severity score breakdown

ParameterValue
Base score6.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSqemuVulnerable (7.1.0-r4)
StreamqemuNot affected (8.0.4-r0)

References

ON THIS PAGE